VIR Vulnerability Intelligence Relay

Search

Found 2,275 results in 398ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-17600 critical 9.8 10.0 EXP basic_b2b_script_project 9y ago Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.
CVE-2017-17599 critical 9.8 10.0 EXP advance_online_learning_management_script_project 9y ago Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter.
CVE-2017-17598 critical 9.8 10.0 EXP affiliate_mlm_script_project 9y ago Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.
CVE-2017-17597 critical 9.8 10.0 EXP nearbuy_clone_script_project 9y ago Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.
CVE-2017-17596 critical 9.8 10.0 EXP entrepreneur_job_portal_script_project 9y ago Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.
CVE-2017-17595 critical 9.8 10.0 EXP beauty_parlour_booking_script_project 9y ago Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.
CVE-2017-17594 critical 9.8 10.0 EXP domainsale_php_script_project 9y ago DomainSale PHP Script 1.0 has SQL Injection via the domain.php id parameter.
CVE-2017-17592 critical 9.8 10.0 EXP website_auction_marketplace_project 9y ago Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.
CVE-2017-17591 critical 9.8 10.0 EXP realestate_crowdfunding_script_project 9y ago Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.
CVE-2017-17590 critical 9.8 10.0 EXP stackoverflow-clone_project 9y ago FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.
CVE-2017-17589 critical 9.8 10.0 EXP thumbtack_clone_project 9y ago FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.
CVE-2017-17588 critical 9.8 10.0 EXP imdb_clone_project 9y ago FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter.
CVE-2017-17587 critical 9.8 10.0 EXP indiamart_clone_project 9y ago FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter.
CVE-2017-17586 critical 9.8 10.0 EXP olx_clone_project 9y ago FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter.
CVE-2017-17585 critical 9.8 10.0 EXP monster_clone_project 9y ago FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter.
CVE-2017-17584 critical 9.8 10.0 EXP makemytrip_clone_project 9y ago FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17583 critical 9.8 10.0 EXP shutterstock_clone_project 9y ago FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.
CVE-2017-17582 critical 9.8 10.0 EXP grubhub_clone_project 9y ago FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17581 critical 9.8 10.0 EXP quibids_clone_project 9y ago FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.
CVE-2017-17580 critical 9.8 10.0 EXP linkedin_clone_project 9y ago FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.
CVE-2017-17579 critical 9.8 10.0 EXP freelancer_clone_project 9y ago FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter.
CVE-2017-17578 critical 9.8 10.0 EXP crowdfunding_script_project 9y ago FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.
CVE-2017-17577 critical 9.8 10.0 EXP trademe_clone_project 9y ago FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter.
CVE-2017-17576 critical 9.8 10.0 EXP gigs_script_project 9y ago FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.
CVE-2017-17575 critical 9.8 10.0 EXP groupon_clone_project 9y ago FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.
CVE-2017-17574 critical 9.8 10.0 EXP care_clone_project 9y ago FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.
CVE-2017-17573 critical 9.8 10.0 EXP fortunescripts 9y ago FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.
CVE-2017-17572 critical 9.8 10.0 EXP amazon_clone_project 9y ago FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari.
CVE-2017-17571 critical 9.8 10.0 EXP foodpanda_clone_project 9y ago FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.
CVE-2017-17570 critical 9.8 10.0 EXP expedia_clone_project 9y ago FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.
CVE-2017-17560 critical 9.8 10.0 EXP 9y ago An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
CVE-2017-17111 critical 9.8 10.0 EXP scubez 9y ago Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
CVE-2017-17110 critical 9.8 10.0 EXP techno_-_portfolio_management_panel_project 9y ago Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
CVE-2017-17055 critical 9.0 10.0 EXP articatech 9y ago Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.…
CVE-2017-16930 critical 9.8 10.0 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. Th…
CVE-2017-11282 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2017-11281 critical 9.8 10.0 EXP macos macos linux-kernel rhel adobe 9y ago Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlie…
CVE-2017-16935 critical 9.8 10.0 EXP ametys 9y ago Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/s…
CVE-2017-16934 critical 9.8 10.0 EXP dbltek 9y ago The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
CVE-2015-3934 critical 9.8 10.0 EXP fiyo 9y ago Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa…
CVE-2017-12635 critical 9.8 10.0 EXPFIX slesarch arch apache 9y ago multiple issues in couchdb
CVE-2017-16783 critical 9.8 10.0 EXP cmsmadesimple 9y ago In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
CVE-2017-16780 critical 9.8 10.0 EXP mybb 9y ago The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
CVE-2017-16562 critical 9.8 10.0 EXP userproplugin 9y ago The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value f…
CVE-2017-11309 critical 9.6 10.0 EXP avaya 9y ago Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
CVE-2015-3933 critical 9.8 10.0 EXP metalgenix 9y ago MetalGenix GeniXCMS vulnerable to SQL Injection
CVE-2017-16543 critical 9.8 10.0 EXP zohocorp 9y ago Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
CVE-2017-15993 critical 9.8 10.0 EXP zomato_clone_script_project 9y ago Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2017-15992 critical 9.8 10.0 EXP website_broker_script_project 9y ago Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVE-2017-15991 critical 9.8 10.0 EXP vastal 9y ago Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type,…
CVE-2017-15990 critical 9.8 10.0 EXP savsofteproducts 9y ago Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
CVE-2017-15989 critical 9.8 10.0 EXP online_exam_test_application_project 9y ago Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
CVE-2017-15988 critical 9.8 10.0 EXP nicephpscripts 9y ago Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
CVE-2017-15987 critical 9.8 10.0 EXP fake_magazine_cover_script_project 9y ago Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
CVE-2017-15986 critical 9.8 10.0 EXP cpa_lead_reward_script_project 9y ago CPA Lead Reward Script allows SQL Injection via the username parameter.
CVE-2017-15985 critical 9.8 10.0 EXP readymadeb2bscript 9y ago Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CVE-2017-15984 critical 9.8 10.0 EXP bekirk 9y ago Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.
CVE-2017-15983 critical 9.8 10.0 EXP geniusocean 9y ago MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15982 critical 9.8 10.0 EXP geniusocean 9y ago Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15981 critical 9.8 10.0 EXP geniusocean 9y ago Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
CVE-2017-15980 critical 9.8 10.0 EXP rowindex 9y ago US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.
CVE-2017-15979 critical 9.8 10.0 EXP odallated 9y ago Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
CVE-2017-15978 critical 9.8 10.0 EXP arox 9y ago AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.
CVE-2017-15977 critical 9.8 10.0 EXP protectedlinks 9y ago Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
CVE-2012-5357 critical 9.8 10.0 EXP ektron 9y ago Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE …
CVE-2017-15976 critical 9.8 10.0 EXP zeescripts 9y ago ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
CVE-2017-15975 critical 9.8 10.0 EXP vastal 9y ago Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.
CVE-2017-15974 critical 9.8 10.0 EXP datacomponents 9y ago tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-15973 critical 9.8 10.0 EXP sokial 9y ago Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
CVE-2017-15972 critical 9.8 10.0 EXP softdatepro 9y ago SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15…
CVE-2017-15971 critical 9.8 10.0 EXP softdatepro 9y ago Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
CVE-2017-15970 critical 9.8 10.0 EXP phpcityportal 9y ago PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
CVE-2017-15969 critical 9.8 10.0 EXP pilotgroup 9y ago PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
CVE-2017-15968 critical 9.8 10.0 EXP contractorscripts 9y ago MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-15967 critical 9.8 10.0 EXP mailing-manager 9y ago Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
CVE-2017-15966 critical 9.8 10.0 EXP zh_yandexmap_project 9y ago The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
CVE-2017-15965 critical 9.8 10.0 EXP nswd 9y ago The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
CVE-2017-15964 critical 9.8 10.0 EXP nicephpscripts 9y ago Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
CVE-2017-15963 critical 9.8 10.0 EXP itechscripts 9y ago iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
CVE-2017-15962 critical 9.8 10.0 EXP istock_management_system_project 9y ago iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
CVE-2017-15961 critical 9.8 10.0 EXP iproject_management_system_project 9y ago iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-15960 critical 9.8 10.0 EXP yourarticlesdirectory 9y ago Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.
CVE-2017-15959 critical 9.8 10.0 EXP adultscriptpro 9y ago Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.
CVE-2017-15958 critical 9.8 10.0 EXP domainzaar 9y ago D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2014-2023 critical 9.8 10.0 EXP tapatalk 9y ago Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API r…
CVE-2017-15222 critical 9.8 10.0 EXP nftp_project 9y ago Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
CVE-2017-15081 critical 9.8 10.0 EXP phpsugar 9y ago In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2017-15580 critical 9.8 10.0 EXP osticket 9y ago osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as…
CVE-2017-10366 critical 9.8 10.0 EXP oracle 9y ago Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.54, 8.55 and 8.56. Ea…
CVE-2017-14322 critical 9.8 10.0 EXP interspire 9y ago The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administra…
CVE-2017-15579 critical 9.8 10.0 EXP phpsugar 9y ago In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVE-2015-2780 critical 9.8 10.0 EXP berta 9y ago Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct re…
CVE-2014-9148 critical 9.8 10.0 EXP fiyo 9y ago Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct …
CVE-2017-12629 critical 9.8 10.0 EXPFIX debian debianubuntu ubuntu rhel apacheredhat 9y ago Remote code execution occurs in Apache Solr
CVE-2017-15220 critical 9.8 10.0 EXP flexense 9y ago Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary cod…
CVE-2013-6924 critical 9.8 10.0 EXP 9y ago Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
CVE-2017-14980 critical 9.8 10.0 EXP flexense 9y ago Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.
CVE-2014-0030 critical 9.8 10.0 EXP apache 9y ago The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2015-2147 critical 9.8 10.0 EXP phpbugtracker_project 9y ago Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2017-14089 critical 9.8 10.0 EXP trendmicro 9y ago An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and ca…